<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">ntv</journal-id><journal-title-group><journal-title xml:lang="ru">Научно-технический вестник информационных технологий, механики и оптики</journal-title><trans-title-group xml:lang="en"><trans-title>Scientific and Technical Journal of Information Technologies, Mechanics and Optics</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2226-1494</issn><issn pub-type="epub">2500-0373</issn><publisher><publisher-name>Университет ИТМО</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.17586/2226-1494-2022-22-2-262-268</article-id><article-id custom-type="elpub" pub-id-type="custom">ntv-157</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>КОМПЬЮТЕРНЫЕ СИСТЕМЫ И ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>COMPUTER SCIENCE</subject></subj-group></article-categories><title-group><article-title>Облегченный подход к обнаружению вредоносных доменов с использованием машинного обучения</article-title><trans-title-group xml:lang="en"><trans-title>Lightweight approach for malicious domain detection using machine learning</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-5920-066X</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Прадипа</surname><given-names>Г.</given-names></name><name name-style="western" xml:lang="en"><surname>Pradeepa</surname><given-names>G.</given-names></name></name-alternatives><bio xml:lang="ru"><p> Прадипа Ганесан — исследователь </p><p> Паллаварам, Ченнаи, 600117 </p></bio><bio xml:lang="en"><p> Ganesan Pradeepa — Research Scholar </p><p> Pallavaram, Chennai, 600117 </p></bio><email xlink:type="simple">pradeepa25.ganesan@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-8951-2242</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Деви</surname><given-names>Р.</given-names></name><name name-style="western" xml:lang="en"><surname>Devi</surname><given-names>R.</given-names></name></name-alternatives><bio xml:lang="ru"><p> Деви Радхакришнан — доцент </p><p> Паллаварам, Ченнаи, 600117 </p><p> sc 57195412460 </p></bio><bio xml:lang="en"><p>Radhakrishnan Devi — Associate Professor </p><p> Pallavaram, Chennai, 600117 </p><p> sc 57195412460 </p></bio><email xlink:type="simple">devi.scs@velsuniv.ac.in</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Институт науки, технологий и перспективных исследований Велса</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Vels Institute of Science, Technology and Advanced Studies</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2022</year></pub-date><pub-date pub-type="epub"><day>14</day><month>12</month><year>2024</year></pub-date><volume>22</volume><issue>2</issue><fpage>262</fpage><lpage>268</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Прадипа Г., Деви Р., 2024</copyright-statement><copyright-year>2024</copyright-year><copyright-holder xml:lang="ru">Прадипа Г., Деви Р.</copyright-holder><copyright-holder xml:lang="en">Pradeepa G., Devi R.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://ntv.elpub.ru/jour/article/view/157">https://ntv.elpub.ru/jour/article/view/157</self-uri><abstract><p>Веб-атаки используют уязвимости конечных пользователей и их систем. Атаки выполняют вредоносные действия, такие как кража конфиденциальной информации, внедрение вредоносных программ, перенаправление на вредоносные сайты без ведома пользователя. Вредоносные ссылки на веб-сайты распространяются через публикации в социальных сетях, электронные письма и сообщения. Жертвой может быть физическое лицо или организация, и каждый год такие действия приносят огромные денежные потери. В недавнем отчете Internet Security сказано, что 83 % систем в Интернете за последний год были заражены вредоносным программным обеспечением, так как пользователи не знали о воздействии вредоносного Uniform Resource Locator (URL)- адреса. Существует несколько способов обнаружения и предотвращения доступа к вредоносным доменным именам. Известные подходы основаны на черном списке, эвристических методах и методах, основанных на машинном глубоком обучении. В работе представлено облегченное решение классификации вредоносных доменных имен на основе машинного обучения. Большая часть существующих исследований направлена  на повышение точности классификации с помощью увеличения количества вредоносных признаков. В предложенном подходе использовано меньшее количество функций, включая лексические, основанные на содержании, наборе слов, популярных функциях для классификации вредоносных доменов. Результат эксперимента показал, что представленный подход работает лучше, чем существующие.</p></abstract><trans-abstract xml:lang="en"><p>The web-based attacks use the vulnerabilities of the end users and their system and perform malicious activities such as stealing sensitive information, injecting malwares, redirecting to malicious sites without their knowledge. Malicious website links are spread through social media posts, emails and messages. The victim can be an individual or an organization and it creates huge money loss every year. Recent Internet Security report states that 83 % of systems in the internet are infected by the malware during the last 12 months due to the users who do not aware of the malicious URL (Uniform Resource Locators) and its impacts. There are some methods to detect and prevent the access malicious domain name in the internet. Blacklist-based approaches, heuristic-based methods, and machine/deep learning-based methods are the three categories. This study provides a machine learning-based lightweight solution to classify malicious domain names. Most of the existing research work is focused on increasing the number of features for better classification accuracy. But the proposed approach uses fewer number of features which include lexical, content based, bag of words, popularity features for malicious domain classification. Result of the experiment shows that the proposed approach performs better than the existing one.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>машинное обучение</kwd><kwd>лексические признаки</kwd><kwd>вредоносный домен</kwd><kwd>опорный вектор</kwd><kwd>случайный лес</kwd><kwd>выбор признаков</kwd><kwd>кибербезопасность</kwd></kwd-group><kwd-group xml:lang="en"><kwd>machine learning</kwd><kwd>lexical features</kwd><kwd>malicious domain</kwd><kwd>support vector</kwd><kwd>random forest</kwd><kwd>feature selection</kwd><kwd>cyber security</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Warburton D. 2020 Phishing and Fraud Report [Электронный ресурс]. URL: https://www.f5.com/labs/articles/threatintelligence/2020-phishing-and-fraud-report (дата обращения: 11.11.2020).</mixed-citation><mixed-citation xml:lang="en">Warburton D. 2020 Phishing and Fraud Report [Электронный ресурс]. URL: https://www.f5.com/labs/articles/threatintelligence/2020-phishing-and-fraud-report (дата обращения: 11.11.2020).</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Saleem Raja A., Vinodini R., Kavitha A. Lexical features based malicious URL detection using machine learning techniques // Materials Today: Proceedings. 2021. V. 47. Part 1. P. 163–166. https://doi.org/10.1016/j.matpr.2021.04.041</mixed-citation><mixed-citation xml:lang="en">Saleem Raja A., Vinodini R., Kavitha A. Lexical features based malicious URL detection using machine learning techniques // Materials Today: Proceedings. 2021. V. 47. Part 1. P. 163–166. https://doi.org/10.1016/j.matpr.2021.04.041</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Pradeepa G., Devi R. Review of malicious URL detection using machine learning // Advances in Intelligent Systems and Computing. 2021. V. 1397. P. 97–105. https://doi.org/10.1007/978-981-16-5301- 8_7</mixed-citation><mixed-citation xml:lang="en">Pradeepa G., Devi R. Review of malicious URL detection using machine learning // Advances in Intelligent Systems and Computing. 2021. V. 1397. P. 97–105. https://doi.org/10.1007/978-981-16-5301- 8_7</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Joshi A., Lloyd L., Westin P., Seethapathy S. Using lexical features for malicious URL detection - a machine learning approach // arXiv. 2019. arXiv:1910.06277.</mixed-citation><mixed-citation xml:lang="en">Joshi A., Lloyd L., Westin P., Seethapathy S. Using lexical features for malicious URL detection - a machine learning approach // arXiv. 2019. arXiv:1910.06277.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Tupsamudre H., Singh A.K., Lodha S. Everything is in the name — a URL based approach for phishing detection // Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2019. V. 11527. P. 231–248. https://doi.org/10.1007/978-3-030-20951-3_21</mixed-citation><mixed-citation xml:lang="en">Tupsamudre H., Singh A.K., Lodha S. Everything is in the name — a URL based approach for phishing detection // Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2019. V. 11527. P. 231–248. https://doi.org/10.1007/978-3-030-20951-3_21</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Sahoo D., Liu C., Hoi S.C.H. Malicious URL Detection using Machine Learning: A Survey // arXiv. 2017. arXiv:1701.07179.</mixed-citation><mixed-citation xml:lang="en">Sahoo D., Liu C., Hoi S.C.H. Malicious URL Detection using Machine Learning: A Survey // arXiv. 2017. arXiv:1701.07179.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Ma J., Saul L.K., Savage S., Voelker G.M. Identifying suspicious URLs: an application of large-scale online learning // Proc. of the 26th International Conference on Machine Learning (ICML). 2009. P. 681– 688. https://doi.org/10.1145/1553374.1553462</mixed-citation><mixed-citation xml:lang="en">Ma J., Saul L.K., Savage S., Voelker G.M. Identifying suspicious URLs: an application of large-scale online learning // Proc. of the 26th International Conference on Machine Learning (ICML). 2009. P. 681– 688. https://doi.org/10.1145/1553374.1553462</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Kevin McGrath D., Gupta M. Behind phishing: An examination of phisher modi operandi // Proc. of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More (LEET). 2008.</mixed-citation><mixed-citation xml:lang="en">Kevin McGrath D., Gupta M. Behind phishing: An examination of phisher modi operandi // Proc. of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More (LEET). 2008.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Hou Y.-T., Chang Y., Chen T., Laih C.-S., Chen C.-M. Malicious web content detection by machine learning // Expert Systems with Applications. 2010. V. 37. N 1. P. 55–60. https://doi.org/10.1016/j.eswa.2009.05.023</mixed-citation><mixed-citation xml:lang="en">Hou Y.-T., Chang Y., Chen T., Laih C.-S., Chen C.-M. Malicious web content detection by machine learning // Expert Systems with Applications. 2010. V. 37. N 1. P. 55–60. https://doi.org/10.1016/j.eswa.2009.05.023</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Fu A.Y., Liu W., Deng X. Detecting phishing web pages with visual similarity assessment based on earth mover’s distance (EMD) // IEEE Transactions on Dependable and Secure Computing. 2006. V. 3. N 4. P. 301–311. https://doi.org/10.1109/TDSC.2006.50</mixed-citation><mixed-citation xml:lang="en">Fu A.Y., Liu W., Deng X. Detecting phishing web pages with visual similarity assessment based on earth mover’s distance (EMD) // IEEE Transactions on Dependable and Secure Computing. 2006. V. 3. N 4. P. 301–311. https://doi.org/10.1109/TDSC.2006.50</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Sahingoz O.K., Buber E., Demir O., Diri B. Machine learning based phishing detection from URLs // Expert Systems with Applications. 2019. V. 117. P. 345–357. https://doi.org/10.1016/j.eswa.2018.09.029</mixed-citation><mixed-citation xml:lang="en">Sahingoz O.K., Buber E., Demir O., Diri B. Machine learning based phishing detection from URLs // Expert Systems with Applications. 2019. V. 117. P. 345–357. https://doi.org/10.1016/j.eswa.2018.09.029</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Patgiri R., Katari H., Kumar R., Sharma D. Empirical study on malicious URL detection using machine learning // Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2019. V. 11319. P. 380–388. https://doi.org/10.1007/978-3-030-05366-6_31</mixed-citation><mixed-citation xml:lang="en">Patgiri R., Katari H., Kumar R., Sharma D. Empirical study on malicious URL detection using machine learning // Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2019. V. 11319. P. 380–388. https://doi.org/10.1007/978-3-030-05366-6_31</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Xuan C.D., Nguyen H.D., Tisenko V.N. Malicious URL detection based on machine learning // International Journal of Advanced Computer Science and Applications (IJACSA). 2020. V. 11. N 1. http://doi.org/10.14569/IJACSA.2020.0110119</mixed-citation><mixed-citation xml:lang="en">Xuan C.D., Nguyen H.D., Tisenko V.N. Malicious URL detection based on machine learning // International Journal of Advanced Computer Science and Applications (IJACSA). 2020. V. 11. N 1. http://doi.org/10.14569/IJACSA.2020.0110119</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Catak F.O., Sahinbas K., Dörtkardeş V. Malicious URL detection using machine learning // Artificial Intelligence Paradigms for Smart Cyber-Physical Systems. 2021. P. 21. https://doi.org/10.4018/978-1-7998-5101-1.ch008</mixed-citation><mixed-citation xml:lang="en">Catak F.O., Sahinbas K., Dörtkardeş V. Malicious URL detection using machine learning // Artificial Intelligence Paradigms for Smart Cyber-Physical Systems. 2021. P. 21. https://doi.org/10.4018/978-1-7998-5101-1.ch008</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Butnaru A., Mylonas A., Pitropakis N. Towards lightweight URLbased phishing detection // Future Internet. 2021. V. 13. N 6. P. 154. https://doi.org/10.3390/fi13060154</mixed-citation><mixed-citation xml:lang="en">Butnaru A., Mylonas A., Pitropakis N. Towards lightweight URLbased phishing detection // Future Internet. 2021. V. 13. N 6. P. 154. https://doi.org/10.3390/fi13060154</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Browniee J. How to choose a feature selection method for machine learning [Электронный ресурс] . URL : https://machinelearningmastery.com/feature-selection-with-real-andcategorical-data/ (дата обращения: 20.08.2020).</mixed-citation><mixed-citation xml:lang="en">Browniee J. How to choose a feature selection method for machine learning [Электронный ресурс] . URL : https://machinelearningmastery.com/feature-selection-with-real-andcategorical-data/ (дата обращения: 20.08.2020).</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
